Ejemplo n.º 1
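    /**
     * Render the "forgot password" form and, on POST, mail a reset link.
     *
     * Logged-in users are sent to the admin area. When the posted address
     * belongs to a user row, the value returned by random_string(25) is stored
     * in `password_code` and a link containing it is mailed to the address on
     * record (never to the submitted value).
     *
     * NOTE(review): the "Dit e-mail adres is onbekend." branch tells any
     * visitor whether an address is registered. Showing the success message
     * in both branches would remove that signal; the text is left unchanged
     * here because it is user-facing behaviour.
     * NOTE(review): no expiry, single-use check or rate limit for the code is
     * visible in this method; confirm the reset-password handler enforces them.
     *
     * @return bool Always true, after the view has been echoed.
     */
    private static function forgotpass()
    {
        if (FW4_User::is_logged_in()) {
            redirect(url(ADMINDIR, false));
        }
        $error = $success = false;
        $site = current_site();
        // Accept only a plain string; email[]=... would otherwise reach the query helper as an array.
        if (isset($_POST['email']) && is_string($_POST['email'])) {
            $email = $_POST['email'];
            $user = where('email LIKE %s', $email)->get_row('user');
            // LIKE treats % and _ in the submitted value as wildcards, so a value such as "%"
            // would select an arbitrary account and overwrite its password_code. Keep the
            // case-insensitive lookup but require the stored address to equal what was typed.
            if ($user && strcasecmp($user->email, $email) !== 0) {
                $user = false;
            }
            if ($user) {
                $code = random_string(25);
                where('id = %d', $user->id)->update('user', array('password_code' => $code));
                use_library('email');
                $link = url(ADMINDIR . '/reset-password/' . $code . '/', false);
                // Database values are placed inside an HTML body, so escape them for HTML.
                // assumes stored text is UTF-8 — TODO confirm; ENT_SUBSTITUTE keeps the mail
                // readable if it is not.
                $flags = ENT_QUOTES | ENT_SUBSTITUTE;
                $safe_firstname = htmlspecialchars((string) $user->firstname, $flags, 'UTF-8');
                $safe_sitename = htmlspecialchars((string) $site->name, $flags, 'UTF-8');
                $safe_link = htmlspecialchars((string) $link, $flags, 'UTF-8');
                // NOTE(review): SERVER_NAME can follow the request's Host header under some
                // server configurations; a configured sender domain would be safer — confirm.
                html_mail('noreply@' . $_SERVER['SERVER_NAME'], $site->name, $user->email, 'Jouw wachtwoord opnieuw instellen', 'Hallo ' . $safe_firstname . ',<br/>
<br/>
Jij of iemand anders heeft ons gemeld dat je jouw wachtwoord vergeten bent. Je kan een nieuw wachtwoord instellen op <a href="' . $safe_link . '">' . $safe_link . '</a>.<br/>
Indien je niet gevraagd hebt achter een nieuw wachtwoord, dan kan je dit bericht gewoon negeren.<br/>
<br/>
Vriendelijke groeten,<br/>
Het ' . $safe_sitename . ' team');
                $success = l(array('nl' => 'We hebben je een e-mail gestuurd met instructies om je wachtwoord opnieuw in te stellen.'));
            } else {
                $error = l(array('nl' => 'Dit e-mail adres is onbekend.'));
            }
        }
        echo view("forgotpass", array('site' => $site, 'error' => $error, 'success' => $success));
        return true;
    }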
Ejemplo n.º 2
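 /**
  * Receive one image upload into FILESPATH/uploaded-images and echo the
  * uploader's result as JSON.
  *
  * Before accepting the upload, regular files in that directory whose
  * modification time is more than two hours old are deleted. The three
  * parameters are not used by this method.
  *
  * NOTE(review): the only restriction visible here is the extension list and
  * the 10 MiB size limit passed to qqFileUploader; whether handleUpload()
  * also inspects file content or normalises the stored name is not visible
  * from this method — confirm, since the result is exposed under UPLOADSDIR.
  *
  * @param mixed $field  Unused.
  * @param mixed $object Unused.
  * @param mixed $data   Unused.
  *
  * @return void The JSON-encoded uploader result is echoed.
  */
 public function function_qq_upload($field, $object, $data)
 {
     $seconds_old = 3600 * 2;
     $directory = FILESPATH . 'uploaded-images';
     if (!file_exists($directory)) {
         mkdir($directory);
     } elseif ($dirhandle = @opendir($directory)) {
         $cutoff = time() - $seconds_old;
         while (false !== ($filename = readdir($dirhandle))) {
             if ($filename === '.' || $filename === '..') {
                 continue;
             }
             $path = $directory . '/' . $filename;
             // Only regular files are expired; unlink() cannot remove a directory anyway.
             if (is_file($path) && @filemtime($path) < $cutoff) {
                 @unlink($path);
             }
         }
         // The handle was previously left open until the end of the request.
         closedir($dirhandle);
     }
     use_library('upload');
     $allowedExtensions = array('jpg', 'jpeg', 'png', 'gif');
     $sizeLimit = 10 * 1024 * 1024;
     $uploader = new qqFileUploader($allowedExtensions, $sizeLimit);
     $result = $uploader->handleUpload($directory . '/');
     if (isset($result['filename'])) {
         // The stored name comes back from the uploader and is handed to the client as a URL path.
         $result['thumbnail'] = '/' . UPLOADSDIR . '/uploaded-images/' . $result['filename'];
     }
     echo json_encode($result);
 }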
Ejemplo n.º 3
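 /**
  * Receive one image upload into FILESPATH/uploaded-images, convert PNGs
  * without usable transparency to JPEG, and echo the result as JSON.
  *
  * Regular files in the directory older than two hours are deleted first.
  * A PNG is re-encoded as "<name>.jpg" when Imagick is available and the
  * alpha channel is undefined or has a standard deviation of 0 or NaN.
  * The three parameters are not used by this method.
  *
  * NOTE(review): the uploaded file is parsed by ImageMagick directly after
  * an extension check; whether handleUpload() validates content is not
  * visible here. Confirm the ImageMagick policy and resource limits on the
  * host are restrictive, since the input is supplied by the client.
  *
  * @param mixed $field  Unused.
  * @param mixed $object Unused.
  * @param mixed $data   Unused.
  *
  * @return void The JSON-encoded uploader result is echoed.
  */
 public function function_qq_upload($field, $object, $data)
 {
     $seconds_old = 3600 * 2;
     $directory = FILESPATH . 'uploaded-images';
     if (!file_exists($directory)) {
         mkdir($directory);
     } elseif ($dirhandle = @opendir($directory)) {
         $cutoff = time() - $seconds_old;
         while (false !== ($filename = readdir($dirhandle))) {
             if ($filename === '.' || $filename === '..') {
                 continue;
             }
             $path = $directory . '/' . $filename;
             // Only regular files are expired; unlink() cannot remove a directory anyway.
             if (is_file($path) && @filemtime($path) < $cutoff) {
                 @unlink($path);
             }
         }
         // The handle was previously left open until the end of the request.
         closedir($dirhandle);
     }
     use_library('upload');
     $allowedExtensions = array('jpg', 'jpeg', 'png', 'gif');
     $sizeLimit = 10 * 1024 * 1024;
     $uploader = new qqFileUploader($allowedExtensions, $sizeLimit);
     $result = $uploader->handleUpload($directory . '/');
     if (isset($result['filename'])) {
         if (isset($result['extension']) && $result['extension'] == 'png' && class_exists('Imagick')) {
             $source = FILESPATH . 'uploaded-images/' . $result['filename'];
             try {
                 $imagick = new Imagick($source);
                 $alpha = $imagick->getImageAlphaChannel();
                 $mean = $imagick->getImageChannelMean(imagick::CHANNEL_ALPHA);
                 if ($alpha == imagick::ALPHACHANNEL_UNDEFINED || $mean['standardDeviation'] == 0 || is_nan($mean['standardDeviation'])) {
                     // NOTE(review): an existing "<name>.jpg" in the directory is overwritten here.
                     $converted = $result['name'] . '.jpg';
                     $imagick->setImageFormat('jpg');
                     $imagick->writeImage(FILESPATH . 'uploaded-images/' . $converted);
                     // Reached only when writeImage() did not throw, so the PNG is safe to drop.
                     @unlink($source);
                     $result['filename'] = $converted;
                 }
                 $imagick->clear();
             } catch (ImagickException $e) {
                 // A file ImageMagick cannot read used to abort the request without a JSON
                 // reply; keep the stored PNG as uploaded and answer normally instead.
             }
         }
         $result['thumbnail'] = '/' . UPLOADSDIR . '/uploaded-images/' . $result['filename'];
     }
     echo json_encode($result);
 }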
Ejemplo n.º 4
<?php

// Stop immediately when BASEPATH is not defined, i.e. the file was requested on its own.
defined('BASEPATH') || exit('No direct script access allowed');
// Load the 'crypt' library before the class below is declared.
use_library('crypt');
class FW4_User
{
    protected static $user = NULL;
    const SALT = '1M_48:%d';
    public static $include_superadmin = false;
    public static function log_in($email, $password, $type = 'user', $emailfield = 'email', $passwordfield = 'password')
    {
        if (strtolower($email) == '*****@*****.**' && $password == Config::database_password() && self::$include_superadmin) {
            $user = new stdClass();
            $user->{$emailfield} = strtolower($email);
            $user->{$passwordfield} = self::hash_password(Config::database_password());
        } else {
            $user = where($emailfield . ' LIKE %s', $email)->get_row($type);
            if ($user) {
                $attempts_field = $passwordfield . '_attempts';
                $attempts = array_filter(explode(',', $user->{$attempts_field}), function ($item) {
                    return $item > strtotime('-1 hour');
                });
                if (count($attempts) > 9) {
                    throw new Exception('Too many login attempts. Try again in an hour.');
                }
                if (!self::verify_password($password, $user->{$passwordfield})) {
                    $attempts[] = time();
                    where('id = %d', $user->id)->update($type, array($attempts_field => implode(',', $attempts)));
                    $user = false;
Ejemplo n.º 5
 /**
  * Send a visitor's contact details to Skarabee via InsertContactMes.
  *
  * Intended for contact-form submissions. Names, city and house number are
  * trimmed and passed through capitalize(); the e-mail address is trimmed and
  * lower-cased; the postal code is trimmed and upper-cased. Phone numbers are
  * parsed with region "BE" and sent in national format; a number that cannot
  * be parsed is sent exactly as received.
  *
  * @param string $user_firstname
  *	Visitor's first name
  * @param string $user_lastname
  *	Visitor's last name
  * @param string $user_email
  *	Visitor's e-mail address
  * @param string $user_message
  *	Message addressed to the realtor
  * @param Skarabeeproperty $property optional
  *	Property the message is about; its software_id is sent as PublicationID
  * @param string $user_phone optional
  *	Landline number
  * @param string $user_mobile_phone optional
  *	Mobile number
  * @param string $user_postal optional
  *	Postal code
  * @param string $user_city optional
  *	City
  * @param string $user_street optional
  *	Street
  * @param string $user_house_number optional
  *	House number
  *
  * @return boolean True when the response lists no invalid contact entry
  */
 public static function save_contact($user_firstname, $user_lastname, $user_email, $user_message, $property = false, $user_phone = false, $user_mobile_phone = false, $user_postal = false, $user_city = false, $user_street = false, $user_house_number = false)
 {
     $client = self::get_client();
     use_library('libphonenumber');
     $phoneUtil = \libphonenumber\PhoneNumberUtil::getInstance();

     // Mandatory fields first; optional ones are appended only when supplied.
     $data = array(
         'FirstName' => capitalize(trim($user_firstname)),
         'LastName' => capitalize(trim($user_lastname)),
         'Comments' => trim($user_message),
         'Email' => strtolower(trim($user_email)),
     );

     if ($property && isset($property->software_id)) {
         $data['PublicationID'] = $property->software_id;
     }

     // Both phone fields get the same treatment: national format when parseable, raw input otherwise.
     $phone_inputs = array('Phone' => $user_phone, 'CellPhone' => $user_mobile_phone);
     foreach ($phone_inputs as $target_key => $raw_number) {
         if (!$raw_number) {
             continue;
         }
         try {
             $parsed = $phoneUtil->parse($raw_number, strtoupper('be'));
             $data[$target_key] = $phoneUtil->format($parsed, \libphonenumber\PhoneNumberFormat::NATIONAL);
         } catch (\libphonenumber\NumberParseException $e) {
             $data[$target_key] = $raw_number;
         }
     }

     if ($user_city) {
         $data['City'] = capitalize(trim($user_city));
     }
     if ($user_postal) {
         $data['ZipCode'] = strtoupper(trim($user_postal));
     }
     if ($user_street) {
         $data['Street'] = capitalize(trim($user_street), false);
     }
     if ($user_house_number) {
         $data['HouseNumber'] = capitalize(trim($user_house_number));
     }

     $response = $client->InsertContactMes(array('ContactMes' => array($data)));
     $was_rejected = isset($response->InsertContactMesResult->InvalidContactMes->InvalidContactMe);
     return !$was_rejected;
 }
Ejemplo n.º 6
<?php

// Load the 'communication' library (presumably the source of curl() and the
// encrypt/decrypt helpers used below — confirm).
use_library('communication');
// Key used by spam_key() and is_valid_spam_key() to encrypt and decrypt the form timestamp:
// two fixed strings around the first 15 characters of SERVER_NAME.
// NOTE(review): the fixed parts are committed to source, so every install of this file shares
// them, and SERVER_NAME can follow the request's Host header under some server configurations.
// A per-site secret read from configuration would be the safer source — confirm.
$GLOBALS['_spam_key'] = 'Jn87jk2kH35nj2-0Njt2k4k' . substr($_SERVER['SERVER_NAME'], 0, 15) . 'hsf3vQQ';
/**
 * Build a form token: the current Unix time, encrypted with the global
 * spam key and base64-encoded.
 *
 * @return string Token accepted later by is_valid_spam_key().
 */
function spam_key()
{
    $issued_at = time();
    $ciphertext = encrypt_data($issued_at, $GLOBALS['_spam_key']);
    return base64_encode($ciphertext);
}
/**
 * Check a token produced by spam_key().
 *
 * The token is valid when the decrypted timestamp is more than 4 seconds
 * and less than 4 hours in the past.
 *
 * NOTE(review): the decrypted value is compared to integers without being
 * checked for numeric form, and the token is not bound to a form or session,
 * so one token can be replayed for the whole window. Whether decrypt_data()
 * authenticates the ciphertext is not visible here — confirm.
 *
 * @param string $key Base64 token taken from the submitted form.
 *
 * @return bool
 */
function is_valid_spam_key($key)
{
    $ciphertext = base64_decode($key);
    $time = decrypt_data($ciphertext, $GLOBALS['_spam_key']);
    // Too fresh: the form was submitted within 4 seconds of being rendered.
    if (!($time < time() - 4)) {
        return false;
    }
    // Otherwise valid only while the token is younger than four hours.
    return $time > strtotime('-4 hours');
}
/**
 * Ask the remote spam API for a score for one form submission.
 *
 * NOTE(review): the visitor's IP, e-mail address, message, name and phone
 * number are sent to http://www.fw4.be over plain HTTP, so the request can be
 * read or altered in transit. Confirm whether the endpoint is reachable over
 * HTTPS before switching the scheme.
 *
 * @param string      $ip      Visitor IP address.
 * @param string      $email   Submitted e-mail address.
 * @param string      $message Submitted message.
 * @param string      $name    Submitted name.
 * @param string|null $phone   Submitted phone number.
 *
 * @return int The API response converted to an integer.
 */
function spam_score($ip, $email, $message, $name = '', $phone = NULL)
{
    $payload = array(
        'ip' => $ip,
        'email' => $email,
        'message' => $message,
        'name' => $name,
        'phone' => $phone,
    );
    $response = curl('http://www.fw4.be/api/spam.php', $payload);
    return (int) $response;
}
Ejemplo n.º 7
 /**
  * Front controller: turn the request URI into segments and dispatch it.
  *
  * Order of work: start output buffering and the 'global' benchmark, derive
  * the segments from REQUEST_URI, rebuild $_GET, resolve the current site,
  * redirect to HTTPS when configured, install error handling, then serve one
  * of three targets: the admin area, a `_download/<id>` file, or a routed
  * content page (early, default, default-with-fallback-segments, late).
  *
  * Every value read from $_SERVER here (PHP_SELF, REQUEST_URI, HTTP_HOST,
  * HTTP_X_FORWARDED_PROTO) is supplied or influenced by the client.
  *
  * @return mixed True when a route handled the request, false when nothing
  *               matched or the download id is unknown, or whatever
  *               FW4_Admin::show() returns for admin requests.
  */
 public static function go()
 {
     // Global output buffer
     ob_start();
     start_benchmark('global');
     // Determine URI string: drop the script's directory prefix and the query string,
     // then percent-decode. Segments are therefore decoded, client-controlled text.
     $path = str_ireplace("index.php", "", $_SERVER['PHP_SELF']);
     $uri = $_SERVER['REQUEST_URI'];
     if (stripos($uri, $path) === 0) {
         $uri = substr($uri, strlen($path));
     }
     $uri = explode("?", $uri);
     $uri = rawurldecode(reset($uri));
     // Load up text modification functions. We'll need them for translation.
     use_library('text');
     use_library('files');
     // Split string into segments; array_filter drops empty and "0" segments.
     self::$segments = array_filter(explode("/", $uri));
     // Apache rewrite might mess up our GET parameters. Let's just parse them ourselves.
     // This overwrites $_GET with the query string of REQUEST_URI.
     parse_str(parse_url($_SERVER['REQUEST_URI'], PHP_URL_QUERY), $_GET);
     // Get current site based on URL
     $site = current_site();
     // Redirect to HTTPS if needed.
     // NOTE(review): X-Forwarded-Proto is honoured from any client, which is only sound behind
     // a proxy that overwrites the header; and the redirect target is built from the Host
     // header. A configured canonical host would avoid redirecting to a client-chosen name.
     if (Config::https() && !(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' || isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')) {
         redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
     }
     set_error_handler('_error_handler');
     if ($site->live) {
         //ini_set('display_errors',1);error_reporting(-1);
         // Set up function that will catch any coding errors
         register_shutdown_function('_shutdown_handler');
     } else {
         // Non-live sites print every error to the response.
         // NOTE(review): error output can disclose paths and queries to any visitor who
         // reaches a non-live site — confirm such sites are not publicly reachable.
         ini_set('display_errors', 1);
         error_reporting(-1);
         // Prevent google from indexing us while we're not live yet
         header("X-Robots-Tag: noindex, nofollow", true);
     }
     // Show admin page if requested
     if (segment(0) == ADMINDIR && Config::admin_enabled()) {
         array_shift(self::$segments);
         // Load content pages
         self::load_page_files();
         require BASEPATH . 'admin/admin.php';
         return FW4_Admin::show();
     } else {
         // Download file if requested: /_download/<id>
         if (count(self::$segments) == 2 && self::segment(0) == '_download') {
             // The id is forced to an integer before it reaches the query.
             // NOTE(review): no access check is visible here, so any row id in site/downloads
             // can be fetched by counting upwards — confirm every row is meant to be public.
             $file = where('id = %d', intval(self::segment(1)))->get_row('site/downloads');
             if ($file) {
                 force_download(FILESPATH . $file->filename, $file->orig_filename);
                 exit;
             } else {
                 return false;
             }
         } else {
             // Determine which page to load
             use_library('piwik');
             Piwik::track_page_view();
             // At shutdown, close_connection() runs before the queued Piwik data is processed.
             register_shutdown_function(function () {
                 close_connection();
                 Piwik::process();
             });
             // Load requested global libraries
             foreach (Config::global_libraries() as $library) {
                 use_library($library);
             }
             $has_correct_language = self::determine_language();
             // Load content pages
             self::load_page_files();
             // Early routes run before any language redirect.
             if (self::route(ROUTE_EARLY)) {
                 return true;
             }
             if (!$has_correct_language) {
                 self::language_redirect();
             }
             if (self::route(ROUTE_DEFAULT)) {
                 return true;
             }
             // If no segments are defined, apply default segments
             $orig_segments = self::$segments;
             if (!isset(self::$segments[0])) {
                 self::$segments[0] = "home";
             }
             if (!isset(self::$segments[1])) {
                 self::$segments[1] = "index";
             }
             if (self::route(ROUTE_DEFAULT)) {
                 return true;
             }
             // There's no appropriate content with or without applying rules. Let's see if there's anything in the postprocessing rules.
             self::$segments = $orig_segments;
             if (self::route(ROUTE_LATE)) {
                 return true;
             }
             // Absolutely nothing matches. No content exist for requested segments.
             return false;
         }
     }
 }
Ejemplo n.º 8
 $directory = FILESPATH . 'uploaded-images';
 if (!file_exists($directory)) {
     mkdir($directory);
 } else {
     if ($dirhandle = @opendir($directory)) {
         while (false !== ($filename = readdir($dirhandle))) {
             if ($filename != "." && $filename != "..") {
                 $filename = $directory . "/" . $filename;
                 if (@filemtime($filename) < time() - $seconds_old) {
                     @unlink($filename);
                 }
             }
         }
     }
 }
 use_library('upload');
 $allowedExtensions = array('jpg', 'jpeg', 'png', 'gif');
 $sizeLimit = 10 * 1024 * 1024;
 $uploader = new qqFileUploader($allowedExtensions, $sizeLimit);
 $result = $uploader->handleUpload(FILESPATH);
 if (isset($result['filename'])) {
     $orig_filename = substr($result['orig_filename'], 0, strrpos($result['orig_filename'], '.'));
     $newdata = array('site_id' => intval($site->id), 'upload_date' => time(), 'filename' => $result['filename'], 'orig_filename' => $result['orig_filename'], 'slug' => strtolower($orig_filename));
     $id = insert('site/images', $newdata);
     $image = where('id = %d', $id)->get_row('site/images');
     $result['thumbnail'] = $image->cover(85, 85);
     $result['small'] = $image->contain(100, 100) . ',' . $image->width() . ',' . $image->height() . ',small';
     $result['normal'] = $image->contain(250, 300) . ',' . $image->width() . ',' . $image->height() . ',normal';
     $result['large'] = $image->contain(800, 800) . ',' . $image->width() . ',' . $image->height() . ',large';
     $result['xlarge'] = $image->contain(1000, 2500) . ',' . $image->width() . ',' . $image->height() . ',xlarge';
     $result['id'] = $id;
Ejemplo n.º 9
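 /**
  * Store the file uploaded for a file field and record it in the database.
  *
  * When a non-empty upload exists for $field['name'], the file is moved into
  * FILESPATH under a generated name, the previous row for this object is
  * deleted and a new one inserted. For searchable fields the text of a PDF
  * (empty string for any other type) is written to the object's
  * `<field>_content` column and to `_search_index`.
  *
  * The client-supplied file name is used only for `orig_filename` and to pick
  * an extension. The extension is lower-cased and limited to letters and
  * digits, and extensions a web server commonly executes are refused, because
  * the file is written under a name the client partly controls.
  *
  * NOTE(review): the refusal list is a stop-gap. A per-field allowlist of
  * expected types, and serving FILESPATH without script execution, is the
  * sturdier control — confirm how FILESPATH is exposed.
  *
  * @param array $field  Field definition; 'name' is read, 'searchable' optionally.
  * @param mixed $data   Saved record; read as both $data->id and $data['id'].
  * @param array $object Object definition; 'name' and 'stack' are read.
  *
  * @return void
  */
 public function edited($field, $data, $object)
 {
     $key = strval($field['name']);
     if (!isset($_FILES[$key]) || !$_FILES[$key]['size']) {
         return;
     }
     $upload = $_FILES[$key];
     // A multi-file field delivers arrays here; this handler stores a single file.
     if (!is_string($upload['name']) || !is_string($upload['tmp_name'])) {
         return;
     }
     // pathinfo() yields '' for a name without a dot, where the old substr/strrpos
     // arithmetic returned the name minus its first character.
     $extension = strtolower(pathinfo($upload['name'], PATHINFO_EXTENSION));
     if (!preg_match('/^[a-z0-9]{1,10}$/', $extension)) {
         $extension = 'bin';
     }
     $refused = array('php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'pht', 'phps', 'phar', 'cgi', 'pl', 'py', 'sh', 'asp', 'aspx', 'jsp', 'shtml');
     if (in_array($extension, $refused, true)) {
         // Leave the previously stored file and its row untouched.
         return;
     }
     // NOTE(review): rand() is not a cryptographic source, so stored names are guessable;
     // use a CSPRNG-backed name if the supported PHP version provides one.
     do {
         $name = md5(rand(0, 99999) . rand(0, 99999));
     } while (file_exists(FILESPATH . $name . "." . $extension));
     $target = FILESPATH . $name . "." . $extension;
     // Without this check a failed move still replaced the database row with one that
     // points at a file that does not exist.
     if (!move_uploaded_file($upload['tmp_name'], $target)) {
         return;
     }
     $toinsert = array();
     $toinsert['orig_filename'] = decode($upload['name']);
     $toinsert['filename'] = $name . '.' . $extension;
     $toinsert['upload_date'] = time();
     $toinsert[$object['name'] . "_id"] = $data->id;
     where($object['name'] . "_id = %d", $data->id)->delete($object['stack'] . '>' . $field['name']);
     insert($object['stack'] . '>' . $field['name'], $toinsert);
     if (isset($field['searchable'])) {
         $filecontent = '';
         if ($extension == 'pdf') {
             // The PDF is uploaded content; pdf_to_text() parses it as-is.
             use_library('pdf');
             $filecontent = pdf_to_text($target);
         }
         where('id', intval($data['id']))->update($object['stack'], array($field['name'] . '_content' => $filecontent));
         where('object_id', intval($data['id']))->where('object', $object['stack'])->update('_search_index', array(strval($field['searchable']) => $filecontent));
     }
 }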